1 / 27

Anonymous Roaming Authentication Protocol with ID-based Signatures

Anonymous Roaming Authentication Protocol with ID-based Signatures. Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin University of Science & Technology, Taiwan E-mail: wuulc@yuntech.edu.tw. Outline. Introduction Roaming Authentication Protocol

whitney-golden
Télécharger la présentation

Anonymous Roaming Authentication Protocol with ID-based Signatures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin University of Science & Technology, Taiwan E-mail: wuulc@yuntech.edu.tw

  2. Outline • Introduction • Roaming Authentication Protocol • Security Analysis • Performance Analysis • Conclusion

  3. Introduction • The mobile communication environment • Access data at any place and at any time • Security issues • Data privacy • Data integrity • Mutual authentication • Anonymity • Non-repudiation

  4. MS MS Introduction • An authentication server exists in each network • Authenticate roaming users before providing any service Foreign Network Home Network ASFN AS: Authentication Server ASHN Roaming Service Request Accept/Reject Roaming MS: Mobile Station

  5. Introduction • Roaming Authentication Methods: • On-Line Authentication • Off-Line Authentication • The mixture of On-Line and Off-Line Authentication

  6. On-Line Authentication • Authenticate the roaming user each time Foreign Network Home Network ASFN ASHN Yes or No Is the MS valid? Accept/Reject Roaming Service Request Roaming MS MS

  7. MS Off-Line Authentication • Authenticate the roaming user locally Home Network Foreign Network ASFN ASHN pre-shared information Roaming Service Request Accept/Reject Roaming MS

  8. MS The mixture of On-Line and Off-Line Authentication On-line authentication when the roaming user requests service for the first time. Off-line authentication for subsequent service requests Home Network Foreign Network ASFN ASHN shared information shared information Yes or No Is the MS valid? Roaming Service Request Accept/Reject Roaming MS

  9. The roaming authentication protocol • Off-line roaming authentication • Security properties • Anonymity of MS • Mutual Authentication between MS and Foreign Network • Nonrepudiation of MS • Minimizing the number of exchanged messages • Minimizing the computation load at MS • Simple Key Management

  10. The roaming authentication protocol • ID-based signature technique from Weil-pairing • No certificate is needed • Verify the signature by public information of the signer (email address, identity, …) • Secret sharing technique from Lagrange Interpolating polynomial

  11. Lagrange interpolating polynomial - secret sharing ID1 x1=ID1 and y1= f (ID1) y1= f (ID1) y2= f (ID2) ID2 x2=ID2 and y2= f (ID2) yn= f (IDn) … IDn xn=IDn and yn= f (IDn)

  12. Lagrange interpolating polynomial - secret sharing x1=ID1 and y1= f (ID1) ID1 ID2 secret x2=ID2 and y2= f (ID2) … xt=IDt and yt= f (IDt) IDt

  13. ASFN ASHN Sigcharge2 RSFN Accept/Reject RSMSn RSMS2 RSMS1 MSn MS 1 MS 2 K K The Roaming Authentication Protocol Foreign Network Home Network + Roaming Information …

  14. System Initialization-ASHN • System Initialization • ASHN generates • System public parameters {e, G1, G2, P, H1, H2, H3} • System private key s • System public keyPpub = sP • ASHN selects a RSFN RZq, and sends the RSFN to ASFN by secure channel.

  15. PKMS =H1(TID MS|| IDHN || DateMS), SKMS= s PKMS DateMS : the expiration date of the public/secret key pair System Initialization-ASHN • When MS registers at ASHN, the MS will get {IDMS, TIDMS, SKMS, RSMS, Kcomm} Where

  16. ASFN MS {TIDMS, IDHN, DateMS, PKMS, request, T, RSMS, CMS, Sigcharge} {EK[ServiceData, T]} or reject Mutual Authentication • MS roams to the Foreign Network (ASFN): Foreign Network Compute the Sigcharge Verify the Sigcharge Compute the session keyK Compute the session key K

  17. Mutual Authentication-MS • MS executes the following steps: Step A1: MS computes the Sigcharge ={Rcharge, Scharge} Step A2: MS sends the authentication request to ASFN

  18. Mutual Authentication-ASFN • When ASFN receives the request from MS, ASFN will execute the following steps: Step B1: verify the public key PKMS Step B2: check the DateMS thencheck

  19. Mutual Authentication-ASFN Step B3: verify the correctness of Sigcharge Step B4: compute the rMS and the session key K Step B5: send to MS

  20. Mutual Authentication-MS • When MS receives the message from ASFN, • MS computes the session key K’ K’ = Kcomm⊕ CMS • MS decrypts the by using K’  MS gets the ServiceData and T’ • MS checks T’ = T ?

  21. Security Analysis • Anonymity of Roaming User  TIDMS • Mutual Authentication between MS and ASFN ASFNMS: Sigcharge MSASFN: Session key K • Nonrepudiation of Roaming User  Sigcharge

  22. Security Analysis • Prevention of Attacks • Replay Attack  timestamp: T • Impersonating Attack MS  Attacker cannot get the SKMS  cannot compute the Sigcharge ASFN  Attacker cannot get the RSFN  cannot compute the K • Dishonest ASFN  The ASFN cannot compute the Sigcharge • Disclosure of session key Attacker cannot get the Roaming Share RSFN of ASFN  cannot compute the K

  23. Performance analysis [ 7] M. Rahnema, “Overview of the GSM system and protocol architecture,” IEEE Commun. Mag., pp. 92–100, Apr. 1993. [12] J. Zhu, J. Ma, “A new authentication scheme with anonymity for wireless environments,” IEEE Trans. Consumer Electronics, Vol.50, No. 1, pp. 231 – 235, Feb 2004. [ 6] M. Long, C.-H. Wu, J.D. Irwin, “Localized authentication for inter-network roaming across wireless LANs,” IEE Proc. Communications, Vol.151, No5, Oct. 2004. [ 5] W.-B. Lee, C.-K. Yeh, “A New Delegation-Based Authentication Protocol for Use in Portable Communication System”, IEEE Trans. Wireless Communication, Vol.4, No.1, pp. 57-64, Jan. 2005.

  24. Performance Analysis • The Number of Exchanged Messages

  25. Performance Analysis • Comparison of Computation Load at MS

  26. Performance Analysis • Storage Overhead • Each MS: {IDMS, TIDMS, SKMS, RSMS, Kcomm} • ASFN : RSFN

  27. Conclusion • The proposed off-line anonymous roaming authentication • Number of exchanged messages: 2 • Security Issues Anonymity, Mutual authentication, Non-repudiation, data privacy and data integrity • Low computation load at MS • Simple key management

More Related